package com.waitingresult.security.security02.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @Author: WangShuai
 * @CreateTime: 2022-12-05  18:15
 * @Description: TODO
 * @Version: 1.0
 */
@EnableWebSecurity
public class SecurityConfig {

    /**
     *  自定义Security的安全规则
     * @param http
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//        //关闭CSRF
//        http.csrf().disable();
//        //关闭session
//        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // 添加自定义过滤器
        http
                .authorizeRequests()
                //放行哪些参数
                // 指定某些接口不需要通过验证即可访问。像登陆、注册接口肯定是不需要认证的
                .antMatchers("/index").permitAll()
                //剩下的所有参数 全部需要认证
                .anyRequest().authenticated()
                // 使用默认的登陆页面，如果不加上这段 默认是受保护的页面直接返回拒绝访问
            .and().formLogin()
        ;
        //   http.formLogin().failureForwardUrl("失败的认证处理器").successForwardUrl("成功的认证处理器");
        return http.build();
    }
}
